Apache Archiva is prone to multiple remote command-execution vulnerabilities.
Successful exploits will allow remote attackers to execute arbitrary commands within the context of the affected application.
Ask the vendor for an update.
Apache Archiva use Apache Struts2: "In Struts 2 before 220.127.116.11 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code."
Apache Archiva <= 1.3.6
Send a special crafted HTTP GET request and check the response.